Let's rule out the obvious...
My Facebook app requests the following permissions: user_work_history, friends_work_history
...so the usual suspect (insufficient permissions) isn't the source of my problem.
ISSUE:
The following graph api call works perfectly: /me/friends?fields=name,work
I get back names, ids, work history, etc. Just like you'd expect.
BUT
When I replace the /me with the user id of one my apps users (who has already authorized the app), I can only see names and ids (no work or education fields).
Why is this?
The reason why, is the access token you are using is not the access token belonging to the user you want to look at. Check out your token in the linter tool (https://developers.facebook.com/tools/lint) and see who it belongs to.
When you do get a user access token for that individual, then you can use it to get their friends. You wont need to specify /{userid}/friends?fields=name,work (although you could), just /me/friends?fields=name,work since the access token belongs to that user id.
Related
I have authorized my app for several Facebook permissions using my own user account. If I look at the UI, I can see those permissions granted.
If I pull the permissions from the API, it shows many of these same permissions as declined for my user.
That's an API call through the Graph API Explorer using my app's token. I get the same results using cURL.
Some of these permissions require approval from FB, but they have all been approved.
It feels like I'm missing something here. Why does the API return different results than what is shown in the UI? I'm hoping to use the API to see which permissions a user has granted for my app and to ask for a new one if they haven't already granted it. If I can't get accurate results from the API, this won't work.
This happened because I had the wrong Facebook user ID. I used a web site to find my ID which gave me the wrong ID. I found my ID in my app's database, and this returned the correct results from the API.
I have written a Python script that makes some statistics for me and a couple of friends based on our posts and comments in them. I've been using it by getting a temporary token in Graph Explorer and copying it to the script before running it. So far I've been able to access friends' posts with API 1.0 (and for some time with 2.0, I assume that was a bug) but now the 1.0 API is getting closed and I'm running into an issue - while some of the /post requests are still accessible to me, many return an "Unsupported get request" error. I can only assume that I can't access these anymore unless I'm using their User Access Token.
I'm not sure what I can do now:
ask them to use Graph Explorer to provide me a temporary token. It works, is pretty secure with default permissions but I would have to do it every time I wanted to update the data.
make some sort of dummy app that they will log into once. I don't know if that violates any rules and if it will be removed immidetaly, I hope not. But I have no idea how to extract the user access token out of the app so I can use it in the script.
What's the "correct" way of doing this?
If the App is only for a specific group of people, it should be no problem. Just add your friends as Tester in the App so they can authorize it with the read_stream permission. Else you would need to go through a review process, and Facebook usually does not approve read_stream.
You don´t really need to handle the Access Token, just use the JavaScript SDK and read the stream of your friends whenever they visit your App.
Btw, you can get the Access Token in the callback response of FB.login. But it will only be valid for 2 hours, you can extend it to 60 days though. More information about extending Access Tokens: https://developers.facebook.com/docs/facebook-login/access-tokens
Easy solution: Create an entry page where your friends (who are Testers in the App) can authorize with read_stream. Right after authorization or refreshing the Token with FB.getLoginStatus, read their posts and store them.
Here´s some code to get you started on that entry page: http://www.devils-heaven.com/facebook-javascript-sdk-login/
...of course you can also just let your friends generated the Access Token manually. Information about that can be found in the Facebook docs (see Link above) or (for example) here: http://www.devils-heaven.com/facebook-access-tokens/ - they can then give you the Token, it will be valid for 60 days if it´s an extended one, or only 2 hours if it´s a default User Token.
This works: https://developers.facebook.com/tools/explorer/145634995501895/?method=GET&path=me/groups
This doesn't: https://developers.facebook.com/tools/explorer/145634995501895/?method=GET&path=1234567890/groups
(where 1234567890 is someone who is not a friend, but is in or applying to a group I admin).
However, this works:
https://www.facebook.com/1234567890
and I can see their groups just fine.
QUESTION: Is there a way I can act-as-me or other permission to see someone's groups through an app?
This is likely a permissions/token thing - but I need to 'act-as-me' and see what I can see/have-rights-to.
END GOAL: I need to assist my rejecting of automated spammed join-requests. Easy to recognize who is fake, so I want to automate that. But, how can I have an app see what I see in FB (without screen scraping).
Thanks,
Even though you can see their groups publicly, you can't get their groups using the Graph API unless you have a valid Access Token from that user with user_groups permission.
The documentation for the User Groups clearly says that:
A user access token with user_groups permission is required to view the groups that person is a member of.
A user access token with friend_groups permission is required to view the groups that person's friends are members of.
You can find more details about Access tokens here.
I'm noticing an inconsistency with the FB Graph API.
Suppose I'm logged in (and have access_token for) user Bob. Bob isn't friends with user Jim.
If I, as Bob, via the Graph API, ask for data about Jim:
https://graph.facebook.com/jim?access_token=blah&fields=location,hometown,name,id,address
I get a structure like this back:
{
"id": "1",
"name": "Jim"
}
Note that the fields that I've requested are conspicuously missing.
However, if I log in to the FB website as Bob, and then search for Jim, I can see his location and hometown on his "About" page, even if I'm not friends with him.
Why is this? Is there some additional token permission I have to specify or field I need to ask for in order to get this data (which is evidently rather public) from the API?
Got stuck on the same issue.
As I understand from end of this page access token has to include user_location and user_hometown permissions. Tried it in api explorer but had no success - still was not able to see location information through api for users that had this info visible on their profile page.
update: answers here and here suggest that data access through api / app is more restricted than through webpage to prevent web mining. I assume it is the case regardless you use user or app permissions.
If you are using a user access token then you might need to switch to using an app access token retrieved by a call like:
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID&client_secret=YOUR_APP_SECRET&
grant_type=client_credentials
Is there a way to query for all access_tokens or page_ids that an app has access to? Instinctively I thought I could do me/accounts?access_token= but it looks like it returns all the pages I have access to, not necessarily the ones the app is authorized to manage.
So I know I can check for an access token by calling each page and passing my page access token aka: <graph>/page_id?access_token=xxxx&fields=access_token
I saw that most of these tokens are also in me/accounts but I really am trying to get the view of what pages an APP is managing. That make sense?
Preferably I am looking for a way to get page_id's+access tokens but I would be willing to settle for a graph call that returns all page_ids that I manage, and I will manually query each one.
Do all accounts that I have access to via an app, also show up in my me/accounts?
Any suggesitions ?
So my issue was me/accounts was skewed because I granted permission to the app to "manage pages." As a result any app that am admin for will show up in the me/accounts?access_token=.
Your options for geting access tokens are:
me/accounts?access_token=<app_token>
/page_id/?fields=access_token&access_token=<app_token>
is this a page tab and you want to query what pages it is installed to? Or are you saying your app has asked for the accounts permission and you want to know what it can post to? If the latter I think you should be able to post to all pages associated with the account. This should return the page_id and the access_token
https://developers.facebook.com/tools/explorer/?method=GET&path=me%2Faccounts